APPLICATION OVERVIEW
======================
Kies Air is a application that enables you to easily manage contents saved on your device via PC internet or mobile browser using Wi-Fi technology. Without having to connect any cables, within a browser you can use diverse function such as multimedia transfer, music listening, PIMS management, text message, file search, and so on.

VULNERABILITY SUMMARY
=======================
The default application behaviour of the Kies Air application was analyzed uncovering a local authorization bypass attack that allows a malicious attacker to obtain the full contents of the phone. Kies Air uses IP based authorization to allow access to the owners device via a web browser. The application has support for HTTPS but does not use it. Once a request is granted to an IP, an attacker can spoof the IP, de-authenticate the authorized client and assume the IP to retrieve content without alarming the user. It was also found that a specially crafted request can cause the application to crash at will. This DoS attack only requires the application to be running.

DETAILS
=======
Authorization Bypass:
A series of HTTP requests are made when the client connects to the Kies Air web server. The server responds with two 301 responses. The first 301 Moved Permanently response points to http://{TARGET_IP}:8080/www/index.html followed by another 301 pointing to a new URI location at: http://{TARGET_IP}:8080/www/index.gz.html - if the user is allowed access, the server responds with 200 OK otherwise a 401 Unauthorized response is returned.
Once the Kies Air web server is identified a de-authentication request can be sent to remove the authorized user on the network and obtain the authorized IP. Requesting access to Kies Air does not require the client to re-authenticate nor alert the mobile user that another connection attempt is being made.